DNS server installation

Approach:
1. Turn off the firewall and SELinux.
2. Configure the yum repository.
3. The three package steps: check for and install the package, confirm the installation succeeded, list the package's files.
4. Get to know the configuration files (syntax and parameters): man 5 xxx.conf.
5. Build the service by editing the configuration files to match the requirement.
6. Start the service and enable it at boot.
7. Test and verify.

    yum install -y bind
    rpm -q bind                 # check that the package installed
    rpm -ql bind | less         # list the package's files

Files worth knowing:

    /etc/logrotate.d/named          log rotation
    /etc/named                      configuration directory
    /etc/named.conf                 main configuration file
    /etc/named.rfc1912.zones        zone definitions (which domains this server manages)
    /etc/rc.d/init.d/named          init script
    /usr/sbin/named                 the daemon
    /usr/sbin/named-checkconf       checks the configuration files (named.conf, named.rfc1912.zones)
    /usr/sbin/named-checkzone       checks that a zone file is correct
    /var/log/named.log              log file
    /var/named                      data directory
    /var/named/data
    /var/named/named.ca             root name servers (root hints)
    /var/named/named.empty
    /var/named/named.localhost      template for a forward zone file
    /var/named/named.loopback       template for a reverse zone file
    /var/named/slaves               default directory for zones a slave downloads from its master
    /var/run/named                  pid file

Main configuration file, /etc/named.conf:

    options {
        listen-on port 53 { 127.0.0.1; };   // addresses to listen on: an IP listens on that address only,
                                            // "any" listens on every interface, so a host with several
                                            // network cards answers whichever IP the client connects to
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";              // DNS cache dump
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };         // who may query: "any" for everyone, or specific IPs; end with ";"
        recursion yes;                      // whether to recurse
        dnssec-enable yes;                  // DNS Security Extensions: signature validation
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };

    zone "." IN {                           // the root name servers
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";     // sub-configuration file
    include "/etc/named.root.key";

Sub-configuration file, /etc/named.rfc1912.zones:

    zone "localhost.localdomain" IN {       // template for a forward zone
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {      // template for a reverse zone
        type master;
        file "named.loopback";
        allow-update { none; };
    };

Zone file template, cat named.localhost:

    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                                    0       ; serial  - only matters for master/slave; bump it on every change
                                    1D      ; refresh - how often the slave fetches the zone from the master
                                    1H      ; retry   - retry interval after a failed refresh
                                    1W      ; expire  - how long the zone stays valid without a refresh
                                    3H )    ; minimum - minimum cache lifetime
            NS      @
            A       127.0.0.1
            AAAA    ::1

Symbols to recognise in this file:
    $TTL    cache lifetime
    @       the current zone, i.e. the zone name given in the sub-configuration file
    IN      Internet
    SOA     start of authority
    NS      name server
    A       IPv4 address
    AAAA    IPv6 address
    CNAME   alias
    MX      mail exchange record; the number after it (for example 5) is the preference, and a lower number means higher priority
Building the server for a requirement

Environment:

    DNS server    192.168.31.62
    client        192.168.31.41
    www.quan.com  203.195.217.229

Edit the main configuration file named.conf to change where the server listens and who may query it:

    options {
        listen-on port 53 { 127.0.0.1; any; };      // add any
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; any; };            // add any
        recursion yes;
        dnssec-enable no;                           // change to no
        dnssec-validation no;                       // change to no
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };
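As an added example (not part of the original post), a small Python lint that parses an options block like the one above and reports what those edits expose: allow-query opened to any with recursion left on makes the server an open recursive resolver for anyone who can reach port 53, dnssec-validation no switches validation off, and, relevant to the master/slave section later, an unset allow-transfer lets any host pull the zone. The hardened variant, the 192.168.31.0/24 network and the allow-recursion statement are assumptions for the demonstration.

```python
import re

# Constructed sample: the options block this page ends up with.
AS_CONFIGURED = """
options {
    listen-on port 53 { 127.0.0.1; any; };
    directory "/var/named";
    allow-query { localhost; any; };
    recursion yes;
    dnssec-validation no;
    /* Path to ISC DLV key */
};
"""
# Constructed: the same server limited to its own LAN and its slave (assumed addresses).
HARDENED = AS_CONFIGURED.replace("recursion yes;", """recursion yes;
    allow-recursion { localhost; 192.168.31.0/24; };
    allow-transfer { 192.168.31.140; };""").replace(
    "dnssec-validation no", "dnssec-validation yes")

def parse_options(conf):
    """Map each statement inside options { ... } to its list of values."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*", "", conf, flags=re.S)   # drop comments
    body = re.search(r"options\s*\{(.*?)\n\};", conf, re.S).group(1)
    opts = {}
    for stmt in re.split(r";(?![^{]*\})", body):         # split on ';' outside braces
        stmt = stmt.strip()
        if not stmt:
            continue
        braced = re.match(r"([\w-]+)[^{]*\{(.*)\}", stmt, re.S)
        if braced:                                        # e.g. allow-query { a; b; }
            opts[braced.group(1)] = [v.strip() for v in braced.group(2).split(";") if v.strip()]
        else:                                             # e.g. recursion yes
            key, _, value = stmt.partition(" ")
            opts[key] = [value.strip().strip('"')]
    return opts

def audit(opts):
    """Report settings that expose the server beyond the hosts it should serve."""
    findings = []
    # BIND defaults: recursion yes; allow-recursion falls back to allow-query
    # (else localnets/localhost); allow-transfer any.
    recursion = opts.get("recursion", ["yes"])[0] == "yes"
    clients = opts.get("allow-recursion", opts.get("allow-query", ["localnets", "localhost"]))
    if recursion and "any" in clients:
        findings.append("open recursive resolver: restrict with allow-recursion")
    if opts.get("dnssec-validation", ["yes"])[0] == "no":
        findings.append("dnssec-validation no: answers are not validated")
    if "any" in opts.get("allow-transfer", ["any"]):
        findings.append("zone transfers open to any host: set allow-transfer")
    return findings
```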
Edit the sub-configuration file /etc/named.rfc1912.zones to define the managed domain quan.com by appending:

    zone "quan.com" IN {
        type master;
        file "quan.com.zone";       // the file name is arbitrary, but the file must be created under /var/named/
        allow-update { none; };
    };
Create the zone file under /var/named/ with the name used in the previous step:

    cp -p /var/named/named.localhost /var/named/quan.com.zone
    -rw-r-----. 1 root named 152 Jun 21  2007 quan.com.zone

Note: a file created from scratch does not get the same owner and group (root:named) as the template, and named then fails to read it, so copy the template with cp -p to preserve them.

    $TTL 1D
    @       IN SOA  quan.com. rname.invalid. (
                                    0       ; serial
                                    1D      ; refresh
                                    1H      ; retry
                                    1W      ; expire
                                    3H )    ; minimum
    @       NS      dns.quan.com.       ; the NS name can be anything, but it must match the A record below
    dns     A       192.168.31.62       ; the IP of this DNS server
    www     A       203.195.217.229
Check the configuration syntax with the supplied commands:

    [root@CentOS6 ~]$ named-checkconf /etc/named.conf
    [root@CentOS6 ~]$ named-checkconf /etc/named.rfc1912.zones
    [root@CentOS6 ~]$ cd /var/named/            # enter the directory first
    [root@CentOS6 named]$ named-checkzone quan.com.zone quan.com.zone
    zone quan.com.zone/IN: loaded serial 0
    OK

named-checkzone needs two arguments, the zone name followed by the zone file, so the name has to be written twice here; with only one argument the check fails.

Start the service and enable it at boot:

    service named start
    chkconfig named on
    netstat -nltp | grep 53
    netstat -nltup | grep 53

Testing:
Client test tool 1: nslookup

Point the client at the DNS server:

    [root@CentOS7 ~]# echo nameserver 192.168.31.62 > /etc/resolv.conf
    [root@CentOS7 ~]# cat /etc/resolv.conf
    nameserver 192.168.31.62
    [root@CentOS7 ~]# nslookup www.quan.com
    Server:         192.168.31.62
    Address:        192.168.31.62#53

    Name:   www.quan.com
    Address: 203.195.217.229

The dig tool:
    [root@CentOS7 ~]# dig @192.168.31.62 www.quan.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> @192.168.31.62 www.quan.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46530
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.quan.com.                  IN      A

    ;; ANSWER SECTION:
    www.quan.com.           86400   IN      A       203.195.217.229

    ;; AUTHORITY SECTION:
    quan.com.               86400   IN      NS      dns.quan.com.

    ;; ADDITIONAL SECTION:
    dns.quan.com.           86400   IN      A       192.168.31.62

    ;; Query time: 1 msec
    ;; SERVER: 192.168.31.62#53(192.168.31.62)
    ;; WHEN: Thu Apr 11 10:34:31 CST 2019
    ;; MSG SIZE  rcvd: 91

The host tool:
Point the client at the DNS server:

    [root@CentOS7 ~]# echo nameserver 192.168.31.62 > /etc/resolv.conf
    [root@CentOS7 ~]# cat /etc/resolv.conf
    nameserver 192.168.31.62
    [root@CentOS7 ~]# host www.quan.com
    www.quan.com has address 203.195.217.229

Note: forward resolution works, but reverse resolution does not yet, because no reverse zone has been configured. If forward resolution fails as well, check the firewall, SELinux and the network.

Requirement 2
Environment:

    DNS server  192.168.31.62
    client      192.168.31.41
    resolution: www.quan.com --- 203.195.217.229, this time in the reverse direction

Steps:
1. /etc/named.conf was configured above and needs no change.
2. /etc/named.rfc1912.zones already defines the forward zone quan.com; append the reverse zone:

    zone "217.195.203.in-addr.arpa" IN {
        type master;
        file "203.195.217.zone";
        allow-update { none; };
    };

3. Create 203.195.217.zone:
    [root@CentOS6 /]$ cat /var/named/203.195.217.zone
    $TTL 1D
    @       IN SOA  quan.com. rname.invalid. (
                                    0       ; serial
                                    1D      ; refresh
                                    1H      ; retry
                                    1W      ; expire
                                    3H )    ; minimum
    @       NS      dns.quan.com.       ; no A record is needed here: the forward zone already maps dns.quan.com to this server's address
    229     PTR     www.quan.com.       ; if this pointed at abc.quan.com instead, add an A record for it in the forward zone in the same way

Restart the service, then test and verify:
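As an added example (not from the original post), a small Python parser for the zone-file format used above, run over constructed copies of the forward and reverse zones, which then checks the two rules the notes state: every NS target needs an A record, and each PTR must point back to a name whose A record is that address. Everything it reads is embedded, so it runs without BIND installed.

```python
import re

# Constructed copies of the forward and reverse zone files this page builds.
FORWARD = """$TTL 1D
@ IN SOA quan.com. rname.invalid. ( 0 ; serial
        1D 1H 1W 3H ) ; refresh retry expire minimum
@ NS dns.quan.com.
dns A 192.168.31.62
www A 203.195.217.229
"""
REVERSE = """$TTL 1D
@ IN SOA quan.com. rname.invalid. ( 0 1D 1H 1W 3H )
@ NS dns.quan.com.
229 PTR www.quan.com.
"""

def fqdn(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; SOA parentheses may span lines."""
    text = re.sub(r";[^\n]*", "", text)                          # drop ; comments
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group().split()), text)
    records, owner = [], origin
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "$TTL":
            continue
        if not line[0].isspace():                                # explicit owner name
            owner = fqdn(fields.pop(0), origin)
        if fields[0] == "IN":
            fields.pop(0)
        records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def check_zones(forward, reverse):
    """Apply the page's two rules: every NS target needs an A record, and a
    PTR must name a host whose A record is the PTR owner's own address."""
    a_records = {o: d for o, t, d in forward if t == "A"}
    problems = []
    for owner, rtype, rdata in forward + reverse:
        if rtype == "NS" and rdata not in a_records:
            problems.append(f"NS {rdata} has no A record")
        if rtype == "PTR":
            octets = owner.replace(".in-addr.arpa.", "").split(".")
            ip = ".".join(reversed(octets))
            if a_records.get(rdata) != ip:
                problems.append(f"PTR {ip} -> {rdata} has no matching A record")
    return problems
```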
    [root@CentOS6 /]$ service named restart
    Stopping named: .                                          [  OK  ]
    Starting named:                                            [  OK  ]
    [root@CentOS7 ~]# host 203.195.217.229
    229.217.195.203.in-addr.arpa domain name pointer www.quan.com.

Note: a reverse lookup with dig needs -x followed by the IP address.

    [root@CentOS7 ~]# dig @192.168.31.62 -x 203.195.217.229

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> @192.168.31.62 -x 203.195.217.229
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16311
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;229.217.195.203.in-addr.arpa.  IN      PTR

    ;; ANSWER SECTION:
    229.217.195.203.in-addr.arpa. 86400 IN  PTR     www.quan.com.

    ;; AUTHORITY SECTION:
    217.195.203.in-addr.arpa. 86400 IN      NS      dns.quan.com.

    ;; ADDITIONAL SECTION:
    dns.quan.com.           86400   IN      A       192.168.31.62

    ;; Query time: 0 msec
    ;; SERVER: 192.168.31.62#53(192.168.31.62)
    ;; WHEN: Thu Apr 11 11:23:19 CST 2019
    ;; MSG SIZE  rcvd: 117

Master/slave DNS setup
Environment: master and slave must run the same version of bind.

    master DNS:  192.168.31.62   root@CentOS6
    slave DNS:   192.168.31.140  root@CentOS6-1
    ntp-server:  192.168.31.152  time synchronisation server, root@CentOS6-2
    test host

1. Keep the system time of master and slave in sync:

    [root@CentOS6 ~]$ crontab -e
    no crontab for root - using an empty one
    crontab: installing new crontab
    [root@CentOS6 ~]$ crontab -l
    */2 * * * * /usr/bin/rdate -s 192.168.31.152
    [root@CentOS6-1 ~]# crontab -e
    no crontab for root - using an empty one
    crontab: installing new crontab
    [root@CentOS6-1 ~]# crontab -l
    */2 * * * * /usr/bin/rdate -s 192.168.31.152 &>/dev/null
2. Install the software on the slave (the OS version and the software version should match the master as closely as possible):

    yum install -y bind

Edit the main configuration file in the same way as on the master, then edit the sub-configuration file:

    zone "quan.com" IN {
        type slave;                         // zone type
        file "slaves/slave.quan.com";       // where the transferred zone is saved, relative to the directory set in the main configuration
        masters { 192.168.31.62; };         // IP of the master DNS; the semicolons are mandatory
    };
    zone "momowu.cc" IN {
        type slave;
        file "slaves/slave.momowu.cc";
        masters { 192.168.31.62; };
    };

Note: slave.momowu.cc does not need to be created by hand.

On the master, edit /etc/named.conf and /etc/named.rfc1912.zones: remove allow-update { none; }; from the zone definition so that it reads

    zone "quan.com" IN {
        type master;
        file "quan.com.zone";
    };

Note: allow-update only governs dynamic updates, not zone transfers; transfers are controlled by allow-transfer (see below), and BIND permits them from any host unless that statement restricts them.

Restart the service on both:

    master: service named restart
    slave:  service named restart

Note: if no transferred zone file appears after the restart, check whether iptables and SELinux have been turned off.
Testing: on the client, edit /etc/resolv.conf to list both servers:

    [root@CentOS7 ~]# vim /etc/resolv.conf
    nameserver 192.168.31.62
    nameserver 192.168.31.140
    [root@CentOS7 ~]# nslookup www.quan.com
    Server:         192.168.31.62
    Address:        192.168.31.62#53

    Name:   www.quan.com
    Address: 203.195.217.229

After the master is shut down:

    [root@CentOS7 ~]# nslookup www.quan.com
    Server:         192.168.31.140
    Address:        192.168.31.140#53

    Name:   www.quan.com
    Address: 203.195.217.229

After the master comes back, the master serves the queries again; which server answers depends mainly on the order of the nameserver lines in the client's configuration.

3. Adjust the configuration files to the requirement (on both master and slave).
Note: to allow only specific servers to transfer the DNS data, edit /etc/named.conf (man 5 named.conf lists the parameters) and add:

    allow-transfer { 192.168.31.140; };

Setting up the time synchronisation server

NTP, the Network Time Protocol, uses port 123. On root@CentOS6-2:

    rpm -q ntp                  # check whether ntp is installed
    yum list | grep ntp
    yum install -y ntp          # install it
    rpm -ql ntp                 # list its files

Edit the configuration file and add one line:

    restrict 192.168.31.0 mask 255.255.255.0 nomodify notrap

so that every host on the 192.168.31.0 network may synchronise its time, then restart the service. On the client:

    [root@CentOS6-1 ~]# ntpdate 192.168.31.152
    11 Apr 14:07:08 ntpdate[28462]: no server suitable for synchronization found

This depends on reaching the external network, so the time source is only usable after a delay.

Method 2: install xinetd:

    yum install -y xinetd

Edit /etc/xinetd.d/time-dgram and /etc/xinetd.d/time-stream, changing disable = yes to disable = no, restart the service and check that the port is listening:

    netstat -tunlp | grep 37

On the client:

    [root@CentOS6-1 ~]# rdate -s 192.168.31.152
    [root@CentOS6-1 ~]# date
    Thu Apr 11 16:38:53 CST 2019
Reposted from: https://blog.51cto.com/14240011/2378075